‘What’s Your Tolerance Level for Fraud?’

Author’s Note: Tomorrow I’ll return to a nice schedule of cannabis, tarot, and meditative content. But for now, allow me to indulge in a bit of navel gazing, and publish this piece I’ve been thinking about for over a decade. I’m calling this an early birthday present, as I’ve wanted this off my chest for a pretty long time!

A couple of years ago, I ran into a dilemma. My organization was committing fraud.

I knew without a doubt they were committing fraud.

They had created a mobile vasectomy program, but had failed to fully credential / contract with the physician performing the vasectomies. That did not stop them from billing the state and patient for the services under a different physician’s name (don’t worry, these patients got vasectomies and were all safe, but it’s the POTENTIAL for danger and the fraudulent billing that got to me).

Forever a fan of a good portmanteau, I declared the program “Vansectomy” and informed the clinic that “Dr. Vansectomy” needed to have a contract AND have his credentials vetted before they continued to take the state’s money for this program. Since I was also the person in charge of their EHR, I wanted confirmation that this credentialling was complete so I could enter the credentials into the EHR.My stance was considered a controversial by the non-profit clinic’s management, and very quickly brought me at odds with them.

During this whole thing, I was pulled aside by the Billing Director (it’s always the billing directors), who told me “We all have a different tolerance level for fraud in this industry, I guess you need to think about it — what’s your tolerance level for fraud?” which sent my mind to a very direct path to a dark place. I think she was intending that I would think “yeah, mistakes happen all the time as long as we fix it,” but that’s not what happened. Instead, I never recovered from where those thoughts took me.

After much consideration, I have an answer to her question, but I’m sure she got it when I served my resignation that day.

I’ve determined that for a wide variety of reasons, I have a lot of trauma responses packed around lies, manipulation, and other fraud-adjacent behaviors — and that ever since I started on this little ‘trauma healing’ project of mine, my tolerance level for fraud is at a lifetime low.

Especially for that industry.

Come with me while I unpack why Dr. Vansectomy and his enablers made a 20 year veteran run screaming from the field.

The Career

I started my career in healthcare in 1999 at University of Pittsburgh Medical Center and I did what every Boomer told me to do: I worked my way up. I’ll try and do this as quickly as possible.

As I studied at University of Pittsburgh for my writing degree, I worked in the accounting department for a group of physician practices.

I know yinz associate Pittsburgh with steel, but Pittsburgh is actually about meds and eds. I figured I was building a very stable career for myself.

I started as a temp, and after two years they hired me. It took that long because the entire division had 200% turnover and I was one of the few left standing. One of the positions with the largest turnover was for my direct supervisor, the Controller. I managed to stay there because I had built some databases that supported practice valuation and physician productivity reporting, and was learning to report out of Epic. I wasn’t actually doing journal entries anymore (I had a little spreadsheet model to calculate those). I mainly kept my head down, and wasn’t involved in a lot of the drama going on. My particular talent was taking different data sets, indexing them, and reporting them together. Now it’s called data warehousing, analytics — but at the time, it was just beginning to name itself.

Back to the job, I mentioned there was 200% turnover — the man who hired me was one of the first to go. A couple of years later, he recruited me to work at the Cancer Centers, where I spent several years in finance and then attached to the department of Radiation Oncology. There I was even heavier into the data: reverse engineering databases to figure out how to use them to more appropriately calculate billing, treatment levels, statistics determining the start of a course of treatment, marketing catchment areas. I came up with suites of reports based off of more accurate treatment data to replace self-reported numbers or billing numbers. I created data pulls so that other people could get research completed that the organization could use to drive reimbursement higher.

That sort of work is likely to get you recruited somewhere special, and it most certainly did — I left UPMC after 7 years to go and work some magic at NHS’s Beatson Oncology Center in Scotland. It was the most rewarding work I’d do in the field. There, I used everything I had learned to that point help them migrate some data, implement and upgrade a system. It is here that I made the switch from ‘business’ side to the Information Technology (IT) side. I believed in the work so much more because of Scotland’s socialized system.

I moved to Los Angeles to see if things would work out between Darren and myself, and during this time I started working with clients like Cedars-Sinai, Alta Med, and others as a business intelligence consultant. In addition to working with Epic data and specifically HL7 interfacing and Bridges, I helped design several Cognos systems for my consulting company’s clients. Eventually that wore me down — it felt like two full-time jobs and I really only wanted the one. This was also the most money I ever made in my career.

From there, I went to Kaiser Permanente as a Project Manager specializing in interfacing, revenue cycle, and oncology. I don’t know if you know this, but working at a company that has things at a national level can be taxing. I had moved so far away from the data at this point I didn’t have the same levels of job fulfillment that I had before, and the migraines that I was suffering from became worse and worse. The only work I did was billing and revenue cycle work (which I now hated more than I realized) and that tore my soul to shreds, so I negotiated a return to Scotland.

Darren and I headed to Pittsburgh to say goodbye and planned to move from there via boat. We made it as far as Pittsburgh when my job in Scotland was eliminated. I found myself back at University of Pittsburgh Medical Center.

I chose, however, to work for two rogue portions of it.

First up was Children’s Hospital. There, I worked as a senior analyst — but this time on Cerner data. Cerner is Epic’s competitor, and this was a good opportunity for me to have a lot of exposure to it. I was making 66% of what I had been making in LA when I left (and less than half of what I was making at my career’s high point). I started to work my way back up, slowly, but found that difficult as the VP at the time was sleeping with one of the junior analysts on my team.

When one of my coworkers escaped for a job with the Health Plan, he recruited me. I convinced myself that in the US, the only people that would actually care about the patient’s health are the people paying for it, the insurer. To join him at the Health Plan, I took a step downward — to an intermediate programmer title — and even took a paycut. It was going to be the only way for me to meaningfully move my career forward, and because I was being bullied at Children’s, I had to find something.

I was right to do so — It was there that I made the biggest advances upward: I quickly advanced to senior programmer, specifically to program Extract, Transform, and Load processes on the largest data sets we had at the organization. I took on the biggest , most ridiculous projects I could, including ICD-10, which required months of coding and testing. Eventually I became the lead of the production systems, meaning that I was the gatekeeper and curator of the organization’s data. From there, I moved to become the overall data architect for the organization, reporting to the VP.

I was so proud of where I had managed to work myself to! I was proud of the sort of work I’d be doing, but I’d never really get to do it.

There were a lot of nails to that coffin, but the largest factor in me leaving was organizational negligence in addressing ongoing harassment while simultaneously crowing about “dignity and respect” for everyone.

How they, and particularly my boss, treated me after I reported ongoing sexual harassment, reminded me too much of my family’s abuse and cover up. I even told my supervisor that specific psychological thing was happening — and he continued to not address this issue. The organization proposed an unacceptable solution that would have continued to put me a risk.

Is it any wonder I snapped? I had already been on the fence about how I felt about the work, and the industry in general. Because of UPMC’s prevalence in Pittsburgh and their logo dominating the skyline, I knew I could never recover or be happy there. After long discussions with Darren, we decided ‘fuck it,’ and that we’d move — eventually deciding on Springfield, Oregon.

As it often does, life didn’t deal me just one thing: it was also around this time I discovered the issues with my eye. I knew that a lot of people aren’t interested in hiring a cyclops (much less a middle aged one) — so I decided that maybe, just maybe, I could try and work for nonprofits in healthcare. What a dream — to use the skills and knowledge I had collected to support health work. The two non profits that I worked at, though exceptional, were just not able to keep up with or appropriately meet the standards of some of the laws.

I realized that it’s been over a decade since my heart was in the work. That my relationship with it was becoming toxic. I wanted to start doing work that I loved and believed in, and I felt I finally deserved the chance at my dream career: writing.

The Lessons: Seeing the Man Behind the Curtain

As you can see, I had a lot of opportunities to meet the man behind the curtain and see the sausage made (and any other metaphors you’d like to throw in). I’ve seen the nepotism, the back-biting, the incompetence in all the places I was hoping it wouldn’t be.

I lost ridiculous fights that I thought I’d never lose — I was on the losing side when I said “Don’t test that in production on the patient records of 3.5 million people.” I’ve seen organizations pay millions just to spite someone, going so far as making architectural changes to a building to do so. I’ve seen people make decisions to ‘allow things to fail’ to prove a point, when those failures put the patient’s data at risk.

There’s this idea that people have that doctors all love their patients, take the Hippocratic Oath, and are good people. That is some amazing public relations on the behalf of doctors — and I’m sure they are happy that people think that. Remember: for doctors to practice on you, they need you to trust them.

Anyway, sure, some of them are like that. The majority aren’t. Most of the time, I worked with doctors who became doctors because it was lucrative. And if you ever want to know what a ‘good’ person a doctor is, just check out how they treat IT and other staff.

There’s this idea that healthcare recruits great people into their technology departments because they can’t have their code fail, but often healthcare recruits fast-talking, well-connected contractors and consultants faster than talent. Health care organizations have a hard time recruiting people on permanent staff because they traditionally don’t pay well (that’s also why they have so many consultants and contractors).

It was very difficult as a consultant / contractor for me. I knew my time was often being misused to do something someone would have to support long term. It was rare I felt like I was part of a solution in those roles. More often, I knew I was part of an organizational problem (or was helping to ‘stop the bleeding’ for such a problem.

Sexual Harassment: It’s easier to name where it Wasn’t

It is well known that sexual harassment is rampant in healthcare, which is already very male-dominated. Information Technology is also male-dominated, so working at the cross-section is difficult to navigate as a woman. To say the least.

My trans friends, which includes those who are non-binary, also had a difficult time navigating those spaces.

Here in the US, healthcare is not an industry where people stand up to those in power. It is an industry built around people with powerful egos — specifically men with powerful egos. As organizations grow larger, the compartmentalization of division leadership also allows for more plausible deniability.

Instead of naming and shaming, I’m just going to list the harassment I experienced. I’m only listing the more ridiculous moments, I’d never be able to recall all of the tiny moments.

I have been physically grabbed more than once: my ass and my boobs. Once right in the middle of conversation because my boobs ‘looked nice.’

Shown pictures of them in underpants.

Was asked to have pictures taken of me.

Was asked if I got my tongue piercing to give better oral sex.

Was followed home from work by a coworker who wanted to ‘get to know me.’

Got inappropriate texts on my personal text that people got from a department call-in list.

Had a department director put his hands on my thigh during a department outing.

Was cornered during a department outing and physically pinned to a wall. When I told my boss about it, he told me we had to be friends with that department.

(These last two stopped me participating in department-wide outings).

Was touched inappropriately while getting a ride home from a coworker despite repeated requests that he stop.

Was asked if I liked enemas, and then told about how this person was getting addicted to how enemas made him feel, at which point i was asked to describe how enemas made me feel.

The Nasty Realities of The University Health System

Everything I just said above is compounded tenfold by the fucked up academic environment that a university health system introduces. The toxicity of these spaces can’t be overstated.

And maybe that doesn’t seem like a big deal to people, except it’s terrible. Environments like that lead to poor decision making. The sort of deicison making that makes university hospitals think it’s ok to give women pelvic exams without their consent, just because they are receiving care at a ‘teaching’ hospital.

The Single Point of Failure

The ‘single point of failure’ is so ridiculously endemic to health care that I’ve seen more than one presentation titled “If I Get Hit by A Bus” (and I’ve even written three of those myself: one had a sequel). There are so many little nuances and complexities in these environments that a lot of the data work ends up passing through a person that done that job for years. They get promoted, the data pull follows them until they move far enough away from it.

For instance I left one division of UPMC in 2001. When I returned to Pittsburgh from Los Angeles in 2010, I found out that division was still running some Crystal Reports I had written that worked across several data sources like Epic, etc.. They were still using my old PC to do it because of how I had the drivers configured, and it was causing quite the scuffle in IT because it was too old to be on the network.

You might think I’m joking, but I’m not.

Before you ask — of course it involved an Access database (business users, amiright?).

The Electronic Health Record

Let’s talk about the systems I worked with. Obviously there were the financial systems (D&B, Peoplesoft, Oracle, etc.) which were straightforward compared to the Electronic Health Record (EHR).

Back when I started, they weren’t nearly what they were today. Interfacing and networking wasn’t anywhere close to what they can do today, and certainly the idea of tablets, dictation on a mobile phone, etc. weren’t options that had to be dealt with. The costs of EHR are overwhelming, and are only escalating.

Configuration

The kicker is, EHR didn’t entirely streamline things. There’s been a recent study about the efficacy of Computerized Physician Order Entry Systems and their impact. When they are implemented and maintained well, a good EHR can be a great. But if they aren’t? They can be dangerous. And I mean dangerous.

I’ve seen configurations that could possibly dispense a different medication or possibly label a medication inappropriately. Often times extensive reconfiguration work has to be undertaken for each upgrade. Most of the upgrades are required within a certain span of time to maintain regulatory compliance. Keeping pace with regulations like this is impossible for many non-profits, and they are often allowed to opt out — even out of HIPAA.

Consultants

It’s not just the software, though. One of the two major vendors pretty much requires that organizations embed (and of course pay for maintenance of) one of their employees on-site. They also strenuously recommend / require that everyone who touches the system be certified by them, at their campus, yearly. This does not come cheap. Most organizations that run these systems need many consultants to do highly specialized work. Often, the consultants are road warriors — flying from their homes Sunday evening and back on Thursday. Those costs are passed to the patients (and the state and US governments via Medicare and Medicaid programs!).

That Party

Those aren’t the only costs. In one really horrible case, I was invited to a party to celebrate the successful move of a data center that contained the server for the EHR. The project was behind schedule and over budget by several million on a budget of just 10 million.

The party was held at a facility that cost tends of thousands to rent.

The Human Cost

I’ve seen a variety of mistakes in the medical record. Because I worked with a radiation dosage system, there were instances where patients were put in danger (I was hired in Scotland to help prevent such errors after an incident that resulted in a young girl’s death). While that wasn’t due to the EHR or radiation oncology system, it was due to workflow issues. There’s nothing that disrupts a workflow quite like an EHR.

EHR’s can create fatigue in their users for a variety of reasons, sometimes even just for capturing data. If they have to override too many things, it’s overwhelming. Think of this — when a dialog box comes up on your computer, do you read it? What if there were 10, every time you tried to do something? As this fatigue takes hold, actual warnings and important messages could (and have) been easily missed.

Medications and medication ordering require precision in systems administration and implementation that many do not have — and while large university health systems will have those positions supported by pharmacy-credentialed employees, many users of smaller EHR systems do not have that expertise configuring the system, nor do they continually check the systems for any stray clicks or incorrect information entry.

How’s the data?

A variety of people enter an array of information into the EHR daily. It’s not just nurses and physicians — administrators, billers, and front office staff do as well. Each of these actors has different goals for entering the data into the EHR. The data with the highest quality is the data that is used to bill — it is the data set that has had years of professionals pouring over it to ensure it was the highest quality.

The medical data has had a harder time of it, especially in newer areas of treatment where less is known about important data capture factors. I’ve seen the data capture points in some bleeding edge treatments change half a dozen times.

EHR’s can be both finicky and glitchy, are constantly under going transformation as health tech companies acquire each other, or some are just incorrectly configured.

There’s also the nature of health care itself. A patient presenting to the ER for a headache may actually eventually be diagnosed with something more catastrophic (let’s say Ebola which was my favorite to use until the Ebola breakout in 2014). The reason for visit and diagnosis are both important data capture points. While the diagnosis is selected as a presentation of ICD10 diagnosis descriptions, the Reason for Visit is often a free text field.

The sheer amount of free text in the EHR has made it difficult to extract insights: a lot of physicians will ignore the radio buttons to instead throw the required information in a treatment note. The lovely form an IT UI person put together for a physician often ends up giving them far ‘too many clicks’ when they could ‘just type it out.’ When a physician is expected to see 24 patients in a day, the demands of the EHR can be far too great.

The difficulty many physicians have in fully adopting EHR usage is also a huge pain point that is often relieved by more staff and new positions: frequently, medical scribes now enter information into the system for physicians, nurses, and others.

This has conspired to create a system with variable data robustness. The closer that data is to a bill or billing procedures, the more likely it is to have been preened by many. But most data in the record is not treated with the same amount of reverence.

This isn’t as prevalent at large institutions where millions upon millions are spent on the EHR. It is quite prevalent among the small clinics without the buying power and budgets, who have to deal with smaller-scale systems that don’t have the deep pockets that the EHR duopoly has created for the two major competitors in the field. This duopoly has pulled resources from any possible competitors: even the US government gave up a try at creating an EHR, and just went with Cerner after spending millions to create VISTA. That migration of data will be complete in around five years.

The Duopoly

Let’s talk about that duopoly. Politics has the duopoly of Democrats and Republicans. EHR has the duopoly of Epic and Cerner.

Cerner’s headquarters are in Kansas City, Missouri. Their reported income is 5.05 billion in 2020. They were founded by people who were colleagues at accounting firm Arthur Anderson. Arthur Anderson’s legacy was that it’s fraudulent accounting for Enron lead to the Sarbannes-Oxley act. Who wouldn’t want trustworthy people like that at the helm of health data?

Meanwhile, headquartered in Madison, Wisconsin, Epic has campuses with themes like “Wizard,.” because money spends easy for them. Founded by now-billionaire Judith Faulkner, the software itself sprang from their Chronicles database system (and it’s thanks to Epic that I know MUMPS). They reported revenue of 2.9 billion in 2018. Epic is largely preferred by university hospitals and large organizations because the revenue cycle portion of their software is pretty incredible. It’s so incredible that it makes the software difficult to adopt in other countries that place health data above billing data.

The billions to craft wizard-themed campuses were ultimately provided by sick people. The fact that every moment I spent at my job was being paid by someone in desperate pain never escaped my thoughts. In the US, where the poor are denied health care due to their inability to pay ever-escalating bills — it’s hard not to point directly at the EHR as one of the major contributors to those escalating costs.

Ransomware and Everyone: What else does the EHR put at risk?

One of the reasons I’m so grateful to not be ‘in the game’ anymore comes down to ransomware. While larger organizations are at risk, they often have cybersecurity divisions and others that continually ensure the safety of those systems. Smaller organizations, like non-profits, are in dangerous waters. Ransomware attacks against healthcare providers are picking up speed. With these attacks increasing in frequency, the likelihood of their effectiveness increases. And once again, those who will pay the consequences (financial and otherwise) are the patients.

What about the non-profits?

Non-profit and smaller organizations simply do not have the budget for the larger systems, and often they don’t have the capacity or resources to implement and maintain them. Unfortunately, many of the funding sources in use require these smaller clinics to adopt EHR’s. Once they begin the process, there’s no guarantee of its success. While consulting firms that want you to buy their services will announce the failure rate as 20%, it’s hard to determine the actual rate as the goes in play in many of these organizations will still claim a partially-used EHR as a success. Smaller non-profit healthcare organizations do not have the budget to compete to acquire high quality systems. They often do not have the administrative support that it takes to maintain the system integrity and are often forced to onboard more consultants and contractors to keep the system working.

It’s not just in EHR’s where non-profit health organizations find themselves regulated out of their abilities. ‘Simple’ rules like HIPAA can be a nightmare for small non-profits who house some patient information in home-grown systems using database backends like FoxPro. Their scrappy can-do solutioning can often lead them straight into dangerous territory when it comes to patient privacy. Once they are in deep, it’s rare they have the budget to spend their way to compliance.

“Right Work.”

In the end, I could no longer give my skills and insight to the industry that I was in. It’s so much more than “my heart wasn’t in it “— it’s that I knew I was part of one of the most complicated issues this country has faced. Instead of feeling like my work was contributing to people having access to amazing health care, I felt like I was helping an industry gain more and more access to people’s lives and livelihood. More often than not, my skills were used to bill / extract wealth, and not to increase patient health.

The work can be done by exceptional people, and some of my best friends still do this sort of work. I just can’t anymore.

It all comes down to this: I believe that healthcare is a human right. I believe that health underpins life, liberty, and the pursuit of happiness — and and that this country has failed to deliver on that promise because of the health procedure industrial complex. There are many wonderful people fighting good fights in health care. I just didn’t feel like I was one of them anymore.